/// <summary>
/// Runs the grant-specific ("standard") validation and, only if it succeeds,
/// hands the result to the configured custom token request validator.
/// </summary>
/// <param name="validationFunc">Grant-type specific validation routine to run first.</param>
/// <param name="parameters">Raw token request parameters, passed unchanged to <paramref name="validationFunc"/>.</param>
/// <returns>
/// The standard validation result when it is an error; otherwise whatever
/// <c>Result</c> the custom validation context holds after the custom validator ran.
/// </returns>
private async Task<TokenRequestValidationResult> RunValidationAsync(Func<NameValueCollection, Task<TokenRequestValidationResult>> validationFunc, NameValueCollection parameters)
{
    // Standard validation is the gate: a failed request never reaches the custom validator.
    var standardResult = await validationFunc(parameters);
    if (standardResult.IsError)
    {
        return standardResult;
    }

    _logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName);

    // The custom validator works on a context that carries the standard result.
    // Whatever ends up in context.Result afterwards is what gets returned, so the
    // custom validator has the final say over an otherwise valid request.
    var context = new CustomTokenRequestValidationContext
    {
        Result = standardResult
    };
    await _customRequestValidator.ValidateAsync(context);

    if (!context.Result.IsError)
    {
        LogSuccess();
        return context.Result;
    }

    // The logged error text is the one supplied by the custom validator, when it gave one.
    if (!context.Result.Error.IsPresent())
    {
        LogError("Custom token request validator error");
    }
    else
    {
        LogError("Custom token request validator error {error}", context.Result.Error);
    }

    return context.Result;
}
/// <summary>
/// Validates a token endpoint request for the given client and dispatches to the
/// validation routine that matches the requested grant type.
/// </summary>
/// <param name="parameters">Raw request parameters; must not be null.</param>
/// <param name="client">Client the request is validated for; must not be null.</param>
/// <returns>The validation result for the request.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="parameters"/> or <paramref name="client"/> is null.
/// </exception>
/// <remarks>
/// This method performs no client secret check of its own; presumably the caller has
/// already authenticated <paramref name="client"/> - confirm at the call site.
/// NOTE(review): the request state is kept in the instance field <c>_validatedRequest</c>,
/// so an instance should not be shared between concurrent requests - confirm the
/// registration lifetime.
/// </remarks>
public async Task<TokenRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client)
{
    _logger.LogDebug("Start token request validation");

    var request = new ValidatedTokenRequest();
    request.Raw = parameters ?? throw new ArgumentNullException(nameof(parameters));
    request.Options = _options;
    _validatedRequest = request;

    if (client is null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    _validatedRequest.SetClient(client);

    // Protocol type: only OpenID Connect clients may use the token endpoint.
    if (client.ProtocolType != IdentityServerConstants.ProtocolTypes.OpenIdConnect)
    {
        LogError("Client {clientId} has invalid protocol type for token endpoint: {protocolType}", client.ClientId, client.ProtocolType);
        return Invalid(OidcConstants.TokenErrors.InvalidClient);
    }

    // Grant type: taken from the request parameters, so it is checked for presence
    // and bounded in length before it is stored or used for dispatch. The value
    // itself is not written into these log messages.
    var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType);
    if (grantType.IsMissing())
    {
        LogError("Grant type is missing");
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    var maxGrantTypeLength = _options.InputLengthRestrictions.GrantType;
    if (grantType.Length > maxGrantTypeLength)
    {
        LogError("Grant type is too long");
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    _validatedRequest.GrantType = grantType;

    // Pick the grant-specific routine, then run it through the shared pipeline.
    // Any value that is not one of the four built-in grant types is treated as an
    // extension grant; rejecting unknown or disallowed grant types is left to that
    // routine (not visible here - verify it does so).
    Func<NameValueCollection, Task<TokenRequestValidationResult>> grantValidation;
    switch (grantType)
    {
        case OidcConstants.GrantTypes.AuthorizationCode:
            grantValidation = ValidateAuthorizationCodeRequestAsync;
            break;
        case OidcConstants.GrantTypes.ClientCredentials:
            grantValidation = ValidateClientCredentialsRequestAsync;
            break;
        case OidcConstants.GrantTypes.Password:
            grantValidation = ValidateResourceOwnerCredentialRequestAsync;
            break;
        case OidcConstants.GrantTypes.RefreshToken:
            grantValidation = ValidateRefreshTokenRequestAsync;
            break;
        default:
            grantValidation = ValidateExtensionGrantRequestAsync;
            break;
    }

    return await RunValidationAsync(grantValidation, parameters);
}

/// <summary>
/// Runs the grant-specific ("standard") validation and, only if it succeeds,
/// hands the result to the configured custom token request validator.
/// </summary>
/// <param name="validationFunc">Grant-type specific validation routine to run first.</param>
/// <param name="parameters">Raw token request parameters, passed unchanged to <paramref name="validationFunc"/>.</param>
/// <returns>
/// The standard validation result when it is an error; otherwise whatever
/// <c>Result</c> the custom validation context holds after the custom validator ran.
/// </returns>
async Task<TokenRequestValidationResult> RunValidationAsync(Func<NameValueCollection, Task<TokenRequestValidationResult>> validationFunc, NameValueCollection parameters)
{
    // Standard validation is the gate: a failed request never reaches the custom validator.
    var standardResult = await validationFunc(parameters);
    if (standardResult.IsError)
    {
        return standardResult;
    }

    _logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName);

    // Whatever ends up in context.Result after the custom validator ran is what
    // gets returned, so the custom validator has the final say.
    var context = new CustomTokenRequestValidationContext
    {
        Result = standardResult
    };
    await _customRequestValidator.ValidateAsync(context);

    if (!context.Result.IsError)
    {
        LogSuccess();
        return context.Result;
    }

    // The logged error text is the one supplied by the custom validator, when it gave one.
    if (!context.Result.Error.IsPresent())
    {
        LogError("Custom token request validator error");
    }
    else
    {
        LogError("Custom token request validator error {error}", context.Result.Error);
    }

    return context.Result;
}